LabRedesCefetRJ WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- <= 3.4.12
A moderate-severity open redirect vulnerability has been identified in WeGIA versions 3.4.12 and prior. The issue resides in the control.php endpoint, specifically in the nextPage parameter. This vulnerability allows attackers to redirect users to arbitrary external domains, potentially leading to phishing attacks, distribution of malicious payloads, or theft of user credentials.
Exploitation of this vulnerability could result in users being redirected to malicious websites, increasing the risk of phishing attacks, credential theft, or exposure to malware.
To reproduce this vulnerability, send a GET request to the control.php endpoint with the nextPage parameter set to an external URL, such as https://google.com. The server will accept the request and redirect the user to the specified external site, bypassing any internal domain restrictions.
Users are advised to update to WeGIA version 3.5.0, where this vulnerability has been fixed.
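For checking whether the redirect described above has already been abused, here is an added example (not code from WeGIA or from this advisory): a Python scan of web access logs for control.php requests whose nextPage value would take a browser off-site. The log lines, the combined log format, the request paths and the phish.example host are constructed sample values and assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (assumed combined log format, sample hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /control.php?nextPage=https://google.com HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Jan/2025:10:00:05 +0000] "GET /control.php?nextPage=%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Jan/2025:10:00:09 +0000] "GET /control.php?nextPage=%2F%5Cphish.example HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Jan/2025:10:01:00 +0000] "GET /control.php?nextPage=..%2Fhome.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Jan/2025:10:02:00 +0000] "GET /index.php?nextPage=https://google.com HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
STRIP = "".join(chr(c) for c in range(0x21))  # C0 control characters and space

def leaves_site(next_page):
    """True if a browser would resolve this redirect target to another origin."""
    # Browsers drop tabs/newlines, trim leading controls/spaces and read '\' as '/',
    # so normalise the same way before parsing.
    cleaned = re.sub(r"[\t\r\n]", "", next_page).lstrip(STRIP).replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed authority, e.g. an unclosed '['
        return True
    return bool(parts.scheme or parts.netloc)

def suspicious_redirects(log_lines):
    """Return (line, nextPage value) for control.php requests that leave the site."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        try:
            target = urlsplit(m.group(1))
        except ValueError:
            continue
        if not target.path.endswith("/control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):
            if leaves_site(value):
                hits.append((line, value))
    return hits

if __name__ == "__main__":
    for line, value in suspicious_redirects(SAMPLE_LOG):
        print(value, "<-", line)
```

The same leaves_site test, applied server-side before issuing the redirect, is the usual shape of a fix for this class of bug; how WeGIA 3.5.0 implements its fix is not stated here.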